You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/08/22 17:49:21 UTC
svn commit: r1376102 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/
oak-core/src/main/java/org/apache/jackrabbit/oak/...
Author: angela
Date: Wed Aug 22 15:49:20 2012
New Revision: 1376102
URL: http://svn.apache.org/viewvc?rev=1376102&view=rev
Log:
OAK-50 : Implement User Management (WIP)
OAK-91 : Authentication (WIP)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java
- copied, changed from r1376019, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/Authentication.java
Removed:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/Authentication.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfo.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java Wed Aug 22 15:49:20 2012
@@ -16,11 +16,13 @@
*/
package org.apache.jackrabbit.oak.security.authentication;
+import java.security.Principal;
+import java.util.Set;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.jcr.SimpleCredentials;
-import java.security.Principal;
-import java.util.Set;
+
+import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
/**
* AuthenticationImpl...
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java Wed Aug 22 15:49:20 2012
@@ -18,7 +18,6 @@ package org.apache.jackrabbit.oak.securi
import java.io.IOException;
import java.security.Principal;
-import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@@ -36,8 +35,8 @@ import javax.security.auth.login.LoginEx
import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
+import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
-import org.apache.jackrabbit.oak.spi.security.authentication.PrincipalProviderCallback;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -165,33 +164,6 @@ public class LoginModuleImpl extends Abs
}
//--------------------------------------------------------------------------
-
- private Set<Principal> getPrincipals(String userID) {
- PrincipalProvider principalProvider = getPrincipalProvider();
- if (principalProvider == null) {
- log.debug("Commit: Cannot retrieve principals. No principal provider configured.");
- return Collections.emptySet();
- } else {
- return principalProvider.getPrincipals(userID);
- }
- }
-
- private PrincipalProvider getPrincipalProvider() {
- PrincipalProvider principalProvider = null;
- if (callbackHandler != null) {
- try {
- PrincipalProviderCallback principalCallBack = new PrincipalProviderCallback();
- callbackHandler.handle(new Callback[] {principalCallBack});
- principalProvider = principalCallBack.getPrincipalProvider();
- } catch (IOException e) {
- log.warn(e.getMessage());
- } catch (UnsupportedCallbackException e) {
- log.warn(e.getMessage());
- }
- }
- return principalProvider;
- }
-
@CheckForNull
private String getUserID() {
// TODO add proper implementation
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java Wed Aug 22 15:49:20 2012
@@ -19,10 +19,11 @@ package org.apache.jackrabbit.oak.securi
import java.security.Principal;
import java.util.Date;
import java.util.Set;
+import javax.annotation.Nonnull;
import javax.jcr.Credentials;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
-import org.apache.jackrabbit.oak.security.authentication.Authentication;
+import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -40,6 +41,7 @@ class TokenAuthentication implements Aut
this.tokenProvider = tokenProvider;
}
+ //-----------------------------------------------------< Authentication >---
@Override
public boolean authenticate(Credentials credentials) {
boolean success = false;
@@ -58,11 +60,16 @@ class TokenAuthentication implements Aut
return false;
}
+ //-----------------------------------------------------------< internal >---
+ @Nonnull
TokenInfo getTokenInfo() {
+ if (tokenInfo == null) {
+ throw new IllegalStateException("Token info can only be retrieved upon successful authentication.");
+ }
return tokenInfo;
}
- //--------------------------------------------------------------------------
+ //------------------------------------------------------------< private >---
private boolean validateCredentials(TokenCredentials tokenCredentials) {
// credentials without userID -> check if attributes provide
// sufficient information for successful authentication.
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfo.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfo.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfo.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfo.java Wed Aug 22 15:49:20 2012
@@ -17,6 +17,7 @@
package org.apache.jackrabbit.oak.security.authentication.token;
import java.util.Map;
+import javax.annotation.Nonnull;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
@@ -25,13 +26,19 @@ import org.apache.jackrabbit.api.securit
*/
public interface TokenInfo {
+ @Nonnull
+ String getUserId();
+
+ @Nonnull
String getToken();
boolean isExpired(long loginTime);
boolean matches(TokenCredentials tokenCredentials);
+ @Nonnull
Map<String, String> getPrivateAttributes();
+ @Nonnull
Map<String, String> getPublicAttributes();
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java Wed Aug 22 15:49:20 2012
@@ -67,8 +67,11 @@ public class TokenLoginModule extends Ab
if (authentication.authenticate(tc)) {
tokenCredentials = tc;
tokenInfo = authentication.getTokenInfo();
- userID = null; // TODO: getUserID(tc);
- principals = null; // TODO getPrincipals(userID);
+ userID = tokenInfo.getUserId();
+ principals = getPrincipals(userID);
+
+ log.debug("Login: adding login name to shared state.");
+ sharedState.put(SHARED_KEY_LOGIN_NAME, userID);
return true;
}
}
@@ -78,7 +81,7 @@ public class TokenLoginModule extends Ab
@Override
public boolean commit() throws LoginException {
- if (tokenCredentials != null || !principals.isEmpty()) {
+ if (tokenCredentials != null) {
if (!subject.isReadOnly()) {
subject.getPublicCredentials().add(tokenCredentials);
subject.getPrincipals().addAll(principals);
@@ -89,21 +92,19 @@ public class TokenLoginModule extends Ab
if (tokenProvider != null && sharedState.containsKey(SHARED_KEY_CREDENTIALS)) {
Credentials shared = getSharedCredentials();
- if (shared != null) {
- if (tokenProvider.doCreateToken(shared)) {
- TokenInfo ti = tokenProvider.createToken(shared);
- if (ti != null) {
- TokenCredentials tc = new TokenCredentials(ti.getToken());
- Map<String, String> attributes = ti.getPrivateAttributes();
- for (String name : attributes.keySet()) {
- tc.setAttribute(name, attributes.get(name));
- }
- attributes = ti.getPublicAttributes();
- for (String name : attributes.keySet()) {
- tc.setAttribute(name, attributes.get(name));
- }
- subject.getPublicCredentials().add(tc);
+ if (shared != null && tokenProvider.doCreateToken(shared)) {
+ TokenInfo ti = tokenProvider.createToken(shared);
+ if (ti != null) {
+ TokenCredentials tc = new TokenCredentials(ti.getToken());
+ Map<String, String> attributes = ti.getPrivateAttributes();
+ for (String name : attributes.keySet()) {
+ tc.setAttribute(name, attributes.get(name));
+ }
+ attributes = ti.getPublicAttributes();
+ for (String name : attributes.keySet()) {
+ tc.setAttribute(name, attributes.get(name));
}
+ subject.getPublicCredentials().add(tc);
}
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java Wed Aug 22 15:49:20 2012
@@ -27,6 +27,7 @@ import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Map;
+import javax.annotation.CheckForNull;
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
@@ -105,11 +106,11 @@ public class TokenProviderImpl implement
public TokenInfo createToken(Credentials credentials) {
if (credentials instanceof SimpleCredentials) {
final SimpleCredentials sc = (SimpleCredentials) credentials;
- String userID = sc.getUserID();
+ String userId = sc.getUserID();
CoreValueFactory valueFactory = contentSession.getCoreValueFactory();
try {
- Tree userTree = userProvider.getAuthorizable(userID, Type.USER);
+ Tree userTree = userProvider.getAuthorizable(userId, Type.USER);
if (userTree != null) {
NodeUtil userNode = new NodeUtil(userTree, valueFactory);
NodeUtil tokenParent = userNode.getChild(TOKENS_NODE_NAME);
@@ -143,9 +144,9 @@ public class TokenProviderImpl implement
// also set the new token to the simple credentials.
sc.setAttribute(TOKEN_ATTRIBUTE, token);
- return new TokenInfoImpl(tokenNode, token);
+ return new TokenInfoImpl(tokenNode, token, userId);
} else {
- log.debug("Cannot create login token: No corresponding node for User " + userID + '.');
+ log.debug("Cannot create login token: No corresponding node for User " + userId + '.');
}
} catch (NoSuchAlgorithmException e) {
@@ -165,7 +166,12 @@ public class TokenProviderImpl implement
int pos = token.indexOf(DELIM);
String tokenPath = (pos == -1) ? token : token.substring(0, pos);
Tree tokenTree = root.getTree(tokenPath);
- return (tokenTree == null) ? null : new TokenInfoImpl(new NodeUtil(tokenTree, contentSession), token);
+ String userId = getUserId(tokenTree);
+ if (tokenTree == null || userId == null) {
+ return null;
+ } else {
+ return new TokenInfoImpl(new NodeUtil(tokenTree, contentSession), token, userId);
+ }
}
@Override
@@ -206,17 +212,6 @@ public class TokenProviderImpl implement
//--------------------------------------------------------------------------
- /**
- * Returns {@code true} if the specified {@code attributeName}
- * starts with or equals {@link #TOKEN_ATTRIBUTE}.
- *
- * @param attributeName
- * @return {@code true} if the specified {@code attributeName}
- * starts with or equals {@link #TOKEN_ATTRIBUTE}.
- */
- private static boolean isMandatoryAttribute(String attributeName) {
- return attributeName != null && attributeName.startsWith(TOKEN_ATTRIBUTE);
- }
private static String generateKey(int size) {
SecureRandom random = new SecureRandom();
@@ -231,6 +226,7 @@ public class TokenProviderImpl implement
return res.toString();
}
+ @CheckForNull
private Tree getTokenTree(TokenInfo tokenInfo) {
if (tokenInfo instanceof TokenInfoImpl) {
return root.getTree(((TokenInfoImpl) tokenInfo).tokenPath);
@@ -239,22 +235,35 @@ public class TokenProviderImpl implement
}
}
+ @CheckForNull
+ private String getUserId(Tree tokenTree) {
+ if (tokenTree != null) {
+ Tree userTree = tokenTree.getParent().getParent();
+ return userProvider.getAuthorizableId(userTree, Type.USER);
+ }
+
+ return null;
+ }
+
//--------------------------------------------------------------------------
private static class TokenInfoImpl implements TokenInfo {
private final String token;
private final String tokenPath;
+ private final String userId;
private final long expirationTime;
private final String key;
- private Map<String, String> mandatoryAttributes;
- private Map<String, String> publicAttributes;
+
+ private final Map<String, String> mandatoryAttributes;
+ private final Map<String, String> publicAttributes;
- private TokenInfoImpl(NodeUtil tokenNode, String token) {
+ private TokenInfoImpl(NodeUtil tokenNode, String token, String userId) {
this.token = token;
this.tokenPath = tokenNode.getTree().getPath();
+ this.userId = userId;
expirationTime = tokenNode.getLong(TOKEN_ATTRIBUTE_EXPIRY, Long.MIN_VALUE);
key = tokenNode.getString(TOKEN_ATTRIBUTE_KEY, null);
@@ -273,6 +282,13 @@ public class TokenProviderImpl implement
}
}
+ //------------------------------------------------------< TokenInfo >---
+
+ @Override
+ public String getUserId() {
+ return userId;
+ }
+
@Override
public String getToken() {
return token;
@@ -319,6 +335,18 @@ public class TokenProviderImpl implement
}
/**
+ * Returns {@code true} if the specified {@code attributeName}
+ * starts with or equals {@link #TOKEN_ATTRIBUTE}.
+ *
+ * @param attributeName
+ * @return {@code true} if the specified {@code attributeName}
+ * starts with or equals {@link #TOKEN_ATTRIBUTE}.
+ */
+ private static boolean isMandatoryAttribute(String attributeName) {
+ return attributeName != null && attributeName.startsWith(TOKEN_ATTRIBUTE);
+ }
+
+ /**
* Returns {@code false} if the specified attribute name doesn't have
* a 'jcr' or 'rep' namespace prefix; {@code true} otherwise. This is
* a lazy evaluation in order to avoid testing the defining node type of
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java Wed Aug 22 15:49:20 2012
@@ -219,21 +219,23 @@ class UserProviderImpl extends Authoriza
}
@Override
- public String getAuthorizableId(Tree authorizableTree) {
+ public String getAuthorizableId(Tree authorizableTree, Type authorizableType) {
assert authorizableTree != null;
- PropertyState idProp = authorizableTree.getProperty(UserConstants.REP_AUTHORIZABLE_ID);
- if (idProp != null) {
- return idProp.getValue().getString();
- } else {
- return Text.unescapeIllegalJcrChars(authorizableTree.getName());
+ if (isAuthorizableTree(authorizableTree, authorizableType)) {
+ PropertyState idProp = authorizableTree.getProperty(UserConstants.REP_AUTHORIZABLE_ID);
+ if (idProp != null) {
+ return idProp.getValue().getString();
+ } else {
+ return Text.unescapeIllegalJcrChars(authorizableTree.getName());
+ }
}
+ return null;
}
@Override
public boolean isAdminUser(Tree userTree) {
assert userTree != null;
- return isAuthorizableTree(userTree, Type.USER) &&
- adminId.equals(getAuthorizableId(userTree));
+ return adminId.equals(getAuthorizableId(userTree, Type.USER));
}
@Override
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java Wed Aug 22 15:49:20 2012
@@ -17,6 +17,8 @@
package org.apache.jackrabbit.oak.spi.security.authentication;
import java.io.IOException;
+import java.security.Principal;
+import java.util.Collections;
import java.util.Map;
import java.util.Set;
import javax.annotation.CheckForNull;
@@ -28,6 +30,7 @@ import javax.security.auth.callback.Unsu
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -143,4 +146,31 @@ public abstract class AbstractLoginModul
return null;
}
}
+
+
+ protected Set<Principal> getPrincipals(String userID) {
+ PrincipalProvider principalProvider = getPrincipalProvider();
+ if (principalProvider == null) {
+ log.debug("Cannot retrieve principals. No principal provider configured.");
+ return Collections.emptySet();
+ } else {
+ return principalProvider.getPrincipals(userID);
+ }
+ }
+
+ private PrincipalProvider getPrincipalProvider() {
+ PrincipalProvider principalProvider = null;
+ if (callbackHandler != null) {
+ try {
+ PrincipalProviderCallback principalCallBack = new PrincipalProviderCallback();
+ callbackHandler.handle(new Callback[] {principalCallBack});
+ principalProvider = principalCallBack.getPrincipalProvider();
+ } catch (IOException e) {
+ log.warn(e.getMessage());
+ } catch (UnsupportedCallbackException e) {
+ log.warn(e.getMessage());
+ }
+ }
+ return principalProvider;
+ }
}
Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java (from r1376019, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/Authentication.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/Authentication.java&r1=1376019&r2=1376102&rev=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/Authentication.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java Wed Aug 22 15:49:20 2012
@@ -14,11 +14,11 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.jackrabbit.oak.security.authentication;
+package org.apache.jackrabbit.oak.spi.security.authentication;
-import javax.jcr.Credentials;
import java.security.Principal;
import java.util.Set;
+import javax.jcr.Credentials;
/**
* The {@code Authentication} interface defines methods to validate
@@ -38,8 +38,6 @@ import java.util.Set;
*/
public interface Authentication {
- // TODO: evaluate if that should part of SPI package.
-
/**
* Validates the specified {@code Credentials} and returns {@code true} if
* the validation was successful.
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java Wed Aug 22 15:49:20 2012
@@ -17,12 +17,10 @@
package org.apache.jackrabbit.oak.spi.security.user;
import java.security.Principal;
-import java.util.List;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.jcr.RepositoryException;
-import org.apache.jackrabbit.oak.api.CoreValue;
import org.apache.jackrabbit.oak.api.Tree;
/**
@@ -49,8 +47,8 @@ public interface UserProvider {
@CheckForNull
Tree getAuthorizableByPrincipal(Principal principal);
- @Nonnull
- String getAuthorizableId(Tree authorizableTree);
+ @CheckForNull
+ String getAuthorizableId(Tree authorizableTree, Type authorizableType);
boolean isAdminUser(Tree userTree);
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java Wed Aug 22 15:49:20 2012
@@ -253,7 +253,7 @@ public class UserProviderImplTest extend
root.commit(DefaultConflictHandler.OURS);
assertEquals(defaultUserPath + m.get(uid), user.getPath());
- assertEquals(uid, userProvider.getAuthorizableId(user));
+ assertEquals(uid, userProvider.getAuthorizableId(user, Type.USER));
Tree ath = userProvider.getAuthorizable(uid);
assertNotNull("Tree with id " + uid + " must exist.", ath);
@@ -344,11 +344,16 @@ public class UserProviderImplTest extend
String userID = "Amanda";
Tree user = up.createUser(userID, null);
- assertEquals(userID, up.getAuthorizableId(user));
+ assertEquals(userID, up.getAuthorizableId(user, Type.USER));
+ assertEquals(userID, up.getAuthorizableId(user, Type.AUTHORIZABLE));
+ assertNull(up.getAuthorizableId(user, Type.GROUP));
+
String groupID = "visitors";
Tree group = up.createGroup(groupID, null);
- assertEquals(groupID, up.getAuthorizableId(group));
+ assertEquals(groupID, up.getAuthorizableId(group, Type.GROUP));
+ assertEquals(groupID, up.getAuthorizableId(group, Type.AUTHORIZABLE));
+ assertNull(up.getAuthorizableId(group, Type.USER));
}
@Test
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java Wed Aug 22 15:49:20 2012
@@ -36,6 +36,7 @@ import org.apache.jackrabbit.commons.ite
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
+import org.apache.jackrabbit.oak.spi.security.user.Type;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
@@ -80,7 +81,7 @@ abstract class AuthorizableImpl implemen
*/
@Override
public String getID() {
- return userManager.getUserProvider().getAuthorizableId(tree);
+ return userManager.getUserProvider().getAuthorizableId(tree, (isGroup()) ? Type.GROUP : Type.USER);
}
/**